Problem with local/password login
There is a problem in the way authentication for provider_name=='local' with method=password works. When doing this specific authentication, we retrieve the existing user object by matching the username entered and the "screen name".
If someone changes the "screen name" on their profile, the username for the login would change. This would cause confusion.
It probably would be better to do something like ldap/openid where we decouple the login username (stored in UserAssociation's openid_url field) from the screen name (stored in the user's username field).
Of course, now saving the password becomes an issue :)
Just an FYI...This is not something that's an issue for us